[Owasp-topten] A7 2013 - "Some proxies support this type of analysis"

Adam Baso adam at comotheory.com
Fri May 31 15:25:17 UTC 2013


Off the top of my head, Burp Suite
(http://portswigger.net/burp/help/target_sitemap_comparingmaps.html) and IBM
AppScan Standard support this. Not sure off the top of my head about this
feature being in ZAP.

Of course efficacy of such access control analysis depends in part on
configuration.

I believe convention in the doc is to avoid listing commercial, non-OWASP
tools.

On May 31, 2013 8:11 AM, "Ryan Dewhurst" <ryandewhurst at gmail.com> wrote:

> Hi,
>
> On "Top 10 2013-A7-Missing Function Level Access Control" under the "Am I
> Vulnerable To 'Missing Function Level Access Control'?" section it states
> "Some proxies support this type of analysis.". -
> https://www.owasp.org/index.php/Top_10_2013-A7
>
> Does anyone know which proxies support this kind of analysis? Burp, Zap,
> others?
>
> I ask out of personal curiosity but not sure if it is also worth adding
> which proxies to that text.
>
> Thanks,
> Ryan